Enterprise Browsers Belong with a Unified Data Security Solution

An enterprise browser (EB) on its own provides a secure managed environment on unmanaged devices and BYOD for web access to company applications and resources. However, alone as an island, EB often lacks TLS traffic inspection and the ability to provide data security and DLP controls. Pairing an EB with a security service edge (SSE) enables both TLS traffic inspection and data security with DLP, plus many more security controls, threat protection defenses, adaptive access, and real-time coaching to users for risky actions.

Working better together

Together EB and SSE address the top concerns of data leakage and data theft for contractors  accessing company applications and resources or within merger and acquisition projects. If unmanaged device access is not your thing, consider that 8 out of 10 organizations today support it, allowing users to access work resources and increase productivity. The average user has 2.5 devices for work, and when they are enabled, they gain 58 more minutes of work time per day to get work done. Overall, more than two-thirds of organizations see a productivity jump when enabling unmanaged device access.

Yes, BYOD introduces security challenges including data protection, compliance, risk of data leakage and theft, and unauthorized access to sensitive data. These unmanaged devices are not within your control for policies, update cycles, or installed applications, and may be infected, lost, stolen, or jailbroken. While the business value of increased productivity is high, the security challenges are real for BYOD and cannot be ignored.

So, while the unmanaged device is out of your control, you can control the web browser used to access websites, applications, conferencing, video streaming, and webinars. Case in point, the Netskope One Enterprise Browser is Chromium-based with hardening, which includes disabling unnecessary browser features, browser impersonation protection, encrypted assets, tight control of browser extensions with a self-service design, and requires no administration to install it. Once installed, it provides a self-contained workspace on collaborator devices and BYOD, including steering to SSE capabilities with integrated identity service authentication, plus configurable homepages with app links relevant to each group of users.  

The power of integration

The integration of EB with an SSE platform is important for provisioning, authentication, specific real-time policy controls, common real-time policies, user coaching, and protecting data at the endpoint and its access through SSE inspection. The integration accelerates time to value and operational efficiency by easily extending existing SSE application control policies to BYOD users and contractors. Here are some key integration points to consider: 

• Data protection on unmanaged devices including copy, paste, and print
• Inline SSE data security and DLP for web, applications, and cloud services
• Apply policy controls by application instance (company vs personal)
• Real-time policy controls specific to EB traffic steering for SSE inspection
• Ability to provide real-time coaching and collect justifications for user actions
• Behavior anomaly detection for insiders, compromise, and data exfiltration
• User behavior scoring and app risk ratings available to adaptive access controls
• Recognizes multiple tenant profiles for contractors working with many companies
• Leverages SSE-integrated identity services before EB access is allowed
• Secure managed browser that is easy to self-install or invite via custom emails
• SSE threat protection, including from EB evasive attacks (i.e. Lumma Stealer)
• High performance access covering 75+ regions and 200+ localization zones
• Single platform strategy of EB with SSE (SWG, CASB, ZNTA) within one console 
• Benefits of network security consolidation, cost reduction, and less complexity
• Increase agility to quickly support new users, contractors, or M&A projects

For example, users with unmanaged devices or BYOD with EB installed can access the company instance of Google Drive from the self-contained workspace with copy and print actions blocked, while also benefiting from inline SSE data protection and threat protection. They can also access their personal instance of Google Drive on their device, but they would not be able to move files from the company Google Drive instance to their personal one. Why use this example? Well, research from Netskope Threat Labs shows a 300% increase in data theft in the last 30 days of employment and Google Drive is the leading app for this type of data exfiltration. 

Conclusion

At Netskope we firmly believe that an enterprise browser is more than a standalone island to protect browser access. EBs are part of a larger single platform strategy for SSE and SASE for unmanaged devices and BYOD access to your most important asset–your data. Learn more by watching this demo or reading this webpage.